Our response to a recent security incident | Signals & StoriesMixpanelCopy wordmark as SVGBrand guidelinesPlatformPlatformProduct AnalyticsMeasure & optimize productsWeb AnalyticsTrack & improve website performanceMobile AnalyticsAnalyze & refine mobile appsExperiments & Feature FlaggingValidate every releaseMetric TreesTurn strategy into actionWarehouse ConnectorsSync trusted dataSession ReplayWatch user journeysIntegrationsConnect the tools you loveSecurity & PrivacyProtect customer dataUse CasesAcquire New UsersBoost marketing campaignsEngage Your UsersActivate & retain more usersGrow Your UsershipMultiply your customer baseEmpower Your TeamsAllow teams to self-serve trusted dataMetric TreesTurn strategy into action with a map for growthExplore Metric TreesSolutionsTeamsProductData AnalystsMarketingEngineeringIndustriesFinanceMedia & EntertainmentB2BEcommerceHealthcareAIBusiness SizeEnterpriseSmall and MidsizeStartup ProgramElevate your metrics strategyGo beyond your North StarAccess the EbookResourcesUsing MixpanelDocs & GuidesGetting started is easyContact SupportAccess personalized helpWhat's NewSee the latest product updatesCommunityBlogExplore growth strategiesEvents & WebinarsJoin us virtually and in personCommunityAsk questions and learnCustomer StoriesImpact in actionPartnershipsBecome a PartnerPartner and grow with usHire an ExpertGet advanced solution supportBuildersSprig’s Kevin Mandich on a decade of building with ML and AIRead ArticleAnalyticsProduct Analytics and the data warehouse: A long road to a perfect pairingRead ArticlePricingLoginContact SalesGet Started FreePlatformBackPlatformProduct AnalyticsMeasure & optimize productsWeb AnalyticsTrack & improve website performanceMobile AnalyticsAnalyze & refine mobile appsExperiments & Feature FlaggingValidate every releaseMetric TreesTurn strategy into actionWarehouse ConnectorsSync trusted dataSession ReplayWatch user journeysIntegrationsConnect the tools you loveSecurity & PrivacyProtect customer dataUse CasesAcquire New UsersBoost marketing campaignsEngage Your UsersActivate & retain more usersGrow Your UsershipMultiply your customer baseEmpower Your TeamsAllow teams to self-serve trusted dataMetric TreesTurn strategy into action with a map for growthExplore Metric TreesSolutionsBackTeamsProductData AnalystsMarketingEngineeringIndustriesFinanceMedia & EntertainmentB2BEcommerceHealthcareAIBusiness SizeEnterpriseSmall and MidsizeStartup ProgramElevate your metrics strategyGo beyond your North StarAccess the EbookResourcesBackUsing MixpanelDocs & GuidesGetting started is easyContact SupportAccess personalized helpWhat's NewSee the latest product updatesCommunityBlogExplore growth strategiesEvents & WebinarsJoin us virtually and in personCommunityAsk questions and learnCustomer StoriesImpact in actionPartnershipsBecome a PartnerPartner and grow with usHire an ExpertGet advanced solution supportBuildersSprig’s Kevin Mandich on a decade of building with ML and AIRead ArticleAnalyticsProduct Analytics and the data warehouse: A long road to a perfect pairingRead ArticlePricingLoginContact SalesCategoriesAnalyticsBuildersHow to BuildInside MixpanelTagsA/B testingAIbusiness & opsdatadata governancedata-driven culturedesignDevOpsdigital analyticsDigital continuous innovationdigital growthdigital transformationSearchSearchInside MixpanelOur response to a recent security incidentmixpanel newsArticle detailsJen TaylorCEO @ MixpanelLast Edited:Nov 27, 2025Published:Nov 27, 2025Jen TaylorCEO @ MixpanelLast Edited:Nov 27, 2025Published:Nov 27, 2025TwitterLinkedInCopy article link to clipboardOut of transparency and our desire to share with our community, this blog post contains key information about a recent security incident that impacted a limited number of our customers. On November 8th, 2025, Mixpanel detected a smishing campaign and promptly executed our incident response processes. We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts. We engaged external cybersecurity partners to remediate and respond to the incident.We proactively communicated with all impacted customers. If you have not heard from us directly, you were not impacted. We continue to prioritize security as a core tenet of our company, products and services. We are committed to supporting our customers and communicating transparently about this incident. What we did in responseSecured affected accountsRevoked all active sessions and sign-insRotated compromised Mixpanel credentials for impacted accountsBlocked malicious IP addressesRegistered IOCs in our SIEM platformPerformed global password resets for all Mixpanel employeesEngaged third-party forensics firm to advise on containment and eradication measuresPerformed a forensic review of authentication, session, and export logs across impacted accountsImplemented additional controls to detect and block similar activity going forward.Engaged with law enforcement and external cybersecurity advisorsWhat you should knowIf you received a communication from us, please review it for the steps we have taken to secure your account, as well as next steps. If you did not receive a communication from us, no action is required. Your accounts were not impacted.If you have any questions about this incident, please contact support@mixpanel.com.Share articleTwitterLinkedInCopy article link to clipboardJen TaylorCEO @ MixpanelMixpanelProgress is possibleGet DemoPlatformProduct AnalyticsWeb AnalyticsMobile AnalyticsMetric TreesWarehouse ConnectorsSession ReplayIntegrationsSecurity & PrivacyPricingUse CasesAcquire New UsersEngage Your UsersGrow Your UsershipEmpower Your TeamsTeamsProductData AnalystsMarketingEngineeringIndustriesFinanceMedia & EntertainmentB2BEcommerceHealthcareAIBusiness SizeEnterpriseSmall & MidsizeStartup ProgramResourcesDocs & GuidesContact SupportWhat's NewTroubleshooting FAQsBlogEvents & WebinarsCommunityCustomer StoriesCompanyAbout UsBecome a PartnerExpert DirectoryCareersContact SalesTemplatesCompany KPIsFeature LaunchLifecycle Cohort AnalysisEcommerceMarketing KPIsWeb AnalyticsAI Company KPIsCompare UsAmplitudeHeapPendoGoogle AnalyticsPostHogFullstoryAdobe Analytics©2024 Mixpanel. All rights reservedLegalPrivacy ProgramSecurityYour Privacy Rights

This document, a blog post authored by Mixpanel CEO Jen Taylor, details the company’s response to a recent security incident that affected a subset of their customer base. Published on November 27th, 2025, the post emphasizes transparency and proactive communication following the detection of a smishing campaign on November 8th, 2025. Mixpanel’s immediate response involved a series of comprehensive actions designed to contain the threat, mitigate potential damage, and reassure affected customers. These actions included the immediate securing of compromised accounts via the revocation of active sessions, rotation of credentials, and blocking of malicious IP addresses. Furthermore, the company engaged external cybersecurity experts and a forensics firm to guide and support the remediation efforts. A global password reset was implemented across all Mixpanel employee accounts as a precautionary measure. The internal response also involved registering Indicators of Compromise (IOCs) within their Security Information and Event Management (SIEM) platform.

The communication strategy was a key element of Mixpanel's response. The post highlights that only customers who received direct communication from Mixpanel were impacted, with the assurance that those who did not receive notification were not affected. This targeted approach, combined with a global password reset, underscores the company's commitment to minimizing risk and preventing further compromise. Following the forensic review and recommendations, Mixpanel implemented additional security controls, including monitoring for similar activity, to bolster their defenses. Collaboration with law enforcement and external cybersecurity advisors further cemented their commitment to a robust and layered security posture.

Ultimately, this post serves as a concise account of Mixpanel’s handling of a cybersecurity incident, framed by a dedication to swift action, transparency, and continuous improvement. The communication is centered around providing clear, actionable information to customers and reinforces Mixpanel’s core values regarding operational security within their product offerings. The outlined steps provide a readily understandable overview of the reactive measures taken, and signals a deliberate intention to maintain appropriate safeguards for its platform and clientele.